General

  • Target

    2848-8-0x0000000000400000-0x0000000000724000-memory.dmp

  • Size

    3.1MB

  • MD5

    4373fb880af7ba67d06216bc5116d5dd

  • SHA1

    dde4836215413283906cca4b86208fdf23b9edfc

  • SHA256

    8a983597f1d698ee3fa03845ee32232dde7665d036327a4af17993f445211118

  • SHA512

    f065cfc61ea620d665bcc90e7adf0734a60dc0a3b3410d3256165ced1e4080cd2f80ce800580651e0def491768f1803ba7ef1294312e8e7aeccfcf0e3d722bf2

  • SSDEEP

    49152:uvKY52fyaSZOrPWluWBuGG5g5h/0Ha95bQDk/mLoGdzSTHHB72eh2NT:uv/52fyaSZOrPWluWBDG5g5hEaM

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

update

C2

127.0.0.1:4782

Mutex

ddb0d81d-667e-44c3-a1b7-00fcb82dd1ef

Attributes

  • encryption_key

    00DF680B0E09235E9256570DFF972BC701444E37

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    putty

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2848-8-0x0000000000400000-0x0000000000724000-memory.dmp
    .exe windows:4 windows x86 arch:x86